Total
757 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-33921 | 1 Dell | 1 Geodrive | 2024-11-21 | N/A | 7.0 HIGH |
Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities. A low privilege attacker could potentially exploit this vulnerability, leading to the execution of arbitrary code in the SYSTEM security context. | |||||
CVE-2022-33037 | 1 Orwell-dev-cpp Project | 1 Orwell-dev-cpp | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file. | |||||
CVE-2022-33036 | 1 Embarcadero | 1 Dev-c\+\+ | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file. | |||||
CVE-2022-33035 | 1 Netsarang | 1 Xlpd | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | |||||
CVE-2022-32972 | 1 Infoblox | 1 Bloxone Endpoint | 2024-11-21 | N/A | 7.8 HIGH |
Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injection that can result in local privilege escalation. | |||||
CVE-2022-32576 | 1 Intel | 1 Unite | 2024-11-21 | N/A | 6.7 MEDIUM |
Uncontrolled search path in the Intel(R) Unite(R) Plugin SDK before version 4.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-32498 | 1 Dell | 1 Powerstore Command Line Interface | 2024-11-21 | N/A | 5.5 MEDIUM |
Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure. | |||||
CVE-2022-32223 | 2 Microsoft, Nodejs | 2 Windows, Node.js | 2024-11-21 | N/A | 7.3 HIGH |
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:* OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability. | |||||
CVE-2022-32222 | 2 Nodejs, Siemens | 2 Node.js, Sinec Ins | 2024-11-21 | N/A | 5.3 MEDIUM |
A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3. | |||||
CVE-2022-32168 | 1 Notepad-plus-plus | 1 Notepad\+\+ | 2024-11-21 | N/A | 7.8 HIGH |
Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++. | |||||
CVE-2022-31694 | 1 Installbuilder | 1 Installbuilder | 2024-11-21 | N/A | 7.3 HIGH |
InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer (when the popup triggers the loading of the library). Exploiting these type of vulnerabilities generally require that an attacker has access to a vulnerable machine to plant the malicious DLL. | |||||
CVE-2022-31611 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2024-11-21 | N/A | 6.8 MEDIUM |
NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution. | |||||
CVE-2022-31467 | 1 Quickheal | 1 Total Security | 2024-11-21 | 4.4 MEDIUM | 7.9 HIGH |
A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load. | |||||
CVE-2022-30744 | 1 Samsung | 1 Kies | 2024-11-21 | 4.4 MEDIUM | 6.2 MEDIUM |
DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code. | |||||
CVE-2022-30701 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
CVE-2022-30696 | 1 Acronis | 1 Snap Deploy | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3640 | |||||
CVE-2022-30548 | 1 Intel | 1 Glorp | 2024-11-21 | N/A | 6.7 MEDIUM |
Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-2334 | 1 Softing | 6 Edgeaggregator, Edgeconnector, Opc and 3 more | 2024-11-21 | N/A | 7.2 HIGH |
The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22. | |||||
CVE-2022-2333 | 1 Honeywell | 1 Softmaster | 2024-11-21 | N/A | 8.8 HIGH |
If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions. | |||||
CVE-2022-2313 | 1 Mcafee | 1 Agent | 2024-11-21 | N/A | 8.2 HIGH |
A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL into the folder from where the Smart installer is being executed. |